canonical · nsklikas · Feb 5, 2024 · Feb 6, 2024 · Feb 6, 2024 · Feb 6, 2024
diff --git a/access_error.go b/access_error.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite
@@ -10,11 +10,12 @@ import (
 	"net/http"
 )
 
-func (f *Fosite) WriteAccessError(ctx context.Context, rw http.ResponseWriter, req AccessRequester, err error) {
+// Convert an error to an http response as per RFC6749
+func (f *Fosite) WriteAccessError(ctx context.Context, rw http.ResponseWriter, req Requester, err error) {
 	f.writeJsonError(ctx, rw, req, err)
 }
 
-func (f *Fosite) writeJsonError(ctx context.Context, rw http.ResponseWriter, requester AccessRequester, err error) {
+func (f *Fosite) writeJsonError(ctx context.Context, rw http.ResponseWriter, requester Requester, err error) {
 	rw.Header().Set("Content-Type", "application/json;charset=UTF-8")
 	rw.Header().Set("Cache-Control", "no-store")
 	rw.Header().Set("Pragma", "no-cache")

diff --git a/access_error_test.go b/access_error_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_request.go b/access_request.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_request_handler.go b/access_request_handler.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_request_handler_test.go b/access_request_handler_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_request_test.go b/access_request_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_response.go b/access_response.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_response_test.go b/access_response_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_response_writer.go b/access_response_writer.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_response_writer_test.go b/access_response_writer_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/access_write.go b/access_write.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/access_write_test.go b/access_write_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/arguments.go b/arguments.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/arguments_test.go b/arguments_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/audience_strategy.go b/audience_strategy.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite
@@ -92,10 +92,10 @@ func GetAudiences(form url.Values) []string {
 	}
 }
 
-func (f *Fosite) validateAuthorizeAudience(ctx context.Context, r *http.Request, request *AuthorizeRequest) error {
-	audience := GetAudiences(request.Form)
+func (f *Fosite) validateAudience(ctx context.Context, r *http.Request, request Requester) error {
+	audience := GetAudiences(request.GetRequestForm())
 
-	if err := f.Config.GetAudienceStrategy(ctx)(request.Client.GetAudience(), audience); err != nil {
+	if err := f.Config.GetAudienceStrategy(ctx)(request.GetClient().GetAudience(), audience); err != nil {
 		return err
 	}
 

diff --git a/audience_strategy_test.go b/audience_strategy_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_error.go b/authorize_error.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_error_test.go b/authorize_error_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_helper.go b/authorize_helper.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_helper_test.go b/authorize_helper_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_helper_whitebox_test.go b/authorize_helper_whitebox_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_request.go b/authorize_request.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_request_handler.go b/authorize_request_handler.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite
@@ -371,7 +371,7 @@ func (f *Fosite) newAuthorizeRequest(ctx context.Context, r *http.Request, isPAR
 		return request, err
 	}
 
-	if err := f.validateAuthorizeAudience(ctx, r, request); err != nil {
+	if err := f.validateAudience(ctx, r, request); err != nil {
 		return request, err
 	}
 

diff --git a/authorize_request_handler_oidc_request_test.go b/authorize_request_handler_oidc_request_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_request_handler_test.go b/authorize_request_handler_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_request_test.go b/authorize_request_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response.go b/authorize_response.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response_test.go b/authorize_response_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response_writer.go b/authorize_response_writer.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_response_writer_test.go b/authorize_response_writer_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/authorize_validators_test.go b/authorize_validators_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_write.go b/authorize_write.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/authorize_write_test.go b/authorize_write_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/client.go b/client.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/client_authentication.go b/client_authentication.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/client_authentication_jwks_strategy.go b/client_authentication_jwks_strategy.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/client_authentication_jwks_strategy_test.go b/client_authentication_jwks_strategy_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/client_authentication_test.go b/client_authentication_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite_test

diff --git a/client_manager.go b/client_manager.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/client_test.go b/client_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/client_with_custom_token_lifespans.go b/client_with_custom_token_lifespans.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/client_with_custom_token_lifespans_test.go b/client_with_custom_token_lifespans_test.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package fosite

diff --git a/compose/compose.go b/compose/compose.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package compose
@@ -53,6 +53,9 @@ func Compose(config *fosite.Config, storage interface{}, strategy interface{}, f
 		if ph, ok := res.(fosite.PushedAuthorizeEndpointHandler); ok {
 			config.PushedAuthorizeEndpointHandlers.Append(ph)
 		}
+		if dh, ok := res.(fosite.DeviceEndpointHandler); ok {
+			config.DeviceEndpointHandlers.Append(dh)
+		}
 	}
 
 	return f
@@ -68,10 +71,12 @@ func ComposeAllEnabled(config *fosite.Config, storage interface{}, key interface
 		storage,
 		&CommonStrategy{
 			CoreStrategy:               NewOAuth2HMACStrategy(config),
+			RFC8628CodeStrategy:        NewDeviceStrategy(config),
 			OpenIDConnectTokenStrategy: NewOpenIDConnectStrategy(keyGetter, config),
 			Signer:                     &jwt.DefaultSigner{GetPrivateKey: keyGetter},
 		},
-		OAuth2AuthorizeExplicitFactory,
+		OAuth2AuthorizeExplicitAuthFactory,
+		Oauth2AuthorizeExplicitTokenFactory,
 		OAuth2AuthorizeImplicitFactory,
 		OAuth2ClientCredentialsGrantFactory,
 		OAuth2RefreshTokenGrantFactory,
@@ -86,6 +91,9 @@ func ComposeAllEnabled(config *fosite.Config, storage interface{}, key interface
 		OAuth2TokenIntrospectionFactory,
 		OAuth2TokenRevocationFactory,
 
+		RFC8628DeviceFactory,
+		RFC8628DeviceAuthorizationTokenFactory,
+
 		OAuth2PKCEFactory,
 		PushedAuthorizeHandlerFactory,
 	)

diff --git a/compose/compose_oauth2.go b/compose/compose_oauth2.go
@@ -1,4 +1,4 @@
-// Copyright © 2023 Ory Corp
+// Copyright © 2024 Ory Corp
 // SPDX-License-Identifier: Apache-2.0
 
 package compose
@@ -9,16 +9,35 @@ import (
 	"github.com/ory/fosite/token/jwt"
 )
 
-// OAuth2AuthorizeExplicitFactory creates an OAuth2 authorize code grant ("authorize explicit flow") handler and registers
+// OAuth2AuthorizeExplicitAuthFactory creates an OAuth2 authorize code grant ("authorize explicit flow") handler and registers
 // an access token, refresh token and authorize code validator.
-func OAuth2AuthorizeExplicitFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
-	return &oauth2.AuthorizeExplicitGrantHandler{
-		AccessTokenStrategy:    strategy.(oauth2.AccessTokenStrategy),
-		RefreshTokenStrategy:   strategy.(oauth2.RefreshTokenStrategy),
-		AuthorizeCodeStrategy:  strategy.(oauth2.AuthorizeCodeStrategy),
-		CoreStorage:            storage.(oauth2.CoreStorage),
-		TokenRevocationStorage: storage.(oauth2.TokenRevocationStorage),
-		Config:                 config,
+func OAuth2AuthorizeExplicitAuthFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+	return &oauth2.AuthorizeExplicitGrantAuthHandler{
+		AuthorizeCodeStrategy: strategy.(oauth2.AuthorizeCodeStrategy),
+		AuthorizeCodeStorage:  storage.(oauth2.AuthorizeCodeStorage),
+		Config:                config,
+	}
+}
+
+// Oauth2AuthorizeExplicitTokenFactory creates an OAuth2 authorize code grant ("authorize explicit flow") token handler and registers
+// an access token, refresh token and authorize code validator.
+func Oauth2AuthorizeExplicitTokenFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+	return &oauth2.AuthorizeExplicitTokenEndpointHandler{
+		GenericCodeTokenEndpointHandler: oauth2.GenericCodeTokenEndpointHandler{
+			AccessRequestValidator: &oauth2.AuthorizeExplicitGrantAccessRequestValidator{},
+			CodeHandler: &oauth2.AuthorizeCodeHandler{
+				AuthorizeCodeStrategy: strategy.(oauth2.AuthorizeCodeStrategy),
+			},
+			SessionHandler: &oauth2.AuthorizeExplicitGrantSessionHandler{
+				AuthorizeCodeStorage: storage.(oauth2.AuthorizeCodeStorage),
+			},
+
+			AccessTokenStrategy:    strategy.(oauth2.AccessTokenStrategy),
+			RefreshTokenStrategy:   strategy.(oauth2.RefreshTokenStrategy),
+			CoreStorage:            storage.(oauth2.CoreStorage),
+			TokenRevocationStorage: storage.(oauth2.TokenRevocationStorage),
+			Config:                 config,
+		},
 	}
 }
 
@@ -96,7 +115,7 @@ func OAuth2TokenIntrospectionFactory(config fosite.Configurator, storage interfa
 
 // OAuth2StatelessJWTIntrospectionFactory creates an OAuth2 token introspection handler and
 // registers an access token validator. This can only be used to validate JWTs and does so
-// statelessly, meaning it uses only the data available in the JWT itself, and does not access the
+// stateless, meaning it uses only the data available in the JWT itself, and does not access the
 // storage implementation at all.
 //
 // Due to the stateless nature of this factory, THE BUILT-IN REVOCATION MECHANISMS WILL NOT WORK.